Description
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
Remediation
References
https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger
http://www.securityfocus.com/bid/94221